Primary Menu

While school shootings, unfortunately, are nothing new, we are seeing them occur with greater frequency. Without getting into my thoughts on firearms, I will say that preparedness, prevention, and mitigation for mass shooting incidents in schools and other soft targets of opportunity, are multi-faceted. Shooters are just as much of a persistent threat as hurricanes, tornadoes, or flooding; amplified by the will of the shooter(s) to do harm and their ability to reason through paths of deterrence. While a number of measures can and should continue to be implemented to prevent and protect soft targets, just as we do with natural hazards, we must continue to prepare for an attack that slips past or through our preventative measures.

Readers will know that I’m a huge advocate of exercises in the emergency management/public safety/homeland security space. While the primary purpose of exercises is to validate plans, policies, and procedures; we also use them to practice and reinforce activities. Certainly every school, college, shopping mall, office building, and other mass gathering space should hold active shooter drills. Many of these facilities already conduct regular fire evacuation drills, and shooter drills should also be added to the mix.

Where to start? First of all, you need a plan. ALL EXERCISES START WITH A PLAN. The sheer number of exercises I’ve seen conducted with no plan or a knowingly poor plan in place is staggering. If people don’t know what to do or how to do it, the value of the exercise is greatly diminished. If you are a responsible party for any of these spaces, reach out to your local law enforcement and emergency management office for assistance in developing an active shooter protection plan. If you are a regulated facility, such as a school or hospital, the state offices that provide your oversight are also a resource. You can find some planning guidance here and here. While your focus with this activity is an active shooter protection plan, recognize that you will also need to re-visit the public information component of your emergency operations plan (you have one, right?) and your business continuity plan, as I guarantee you will need to reference these in the event of a shooting incident. A final note on planning… don’t do it in a vacuum! It should be a collaborative effort with all relevant stakeholders.

As for exercises, consider what you want to accomplish and who needs to be involved. In a mall, it’s not wise to include shoppers in exercises since they are a transient audience and forcing their involvement will very likely be some bad PR and impact stores financially. That said, you need to anticipate that mall shoppers won’t know what to do or how to react to a shooter, therefore mall staff need to be very forceful and persistent in how they deal with patrons in such an incident. Therefore, involving mall staff along with law enforcement and other stakeholders in an off-hours exercise is a great idea.

Schools, however, are a different situation, as their populations are static for an extended period of time. While school faculty and staff should exercise with law enforcement, there are different thoughts on how and when to involve kids in these exercises. There are some that advocate their involvement, while there are some who are adamantly opposed. I reflect back on fire evacuation drills, which occur with regularity in schools. These drills reinforce procedure and behavior with students. They know they need to line up and proceed calmly and well behaved along a designated path to exit the building, proceeding to a meeting spot where teachers maintain order and accountability. These are behaviors that stick with many into adulthood if they find themselves in a fire evacuation (drill or otherwise) – so it’s also a learning experience. The same holds for tornado and earthquake drills, which are held regularly in many areas around the country. Fundamentally, for a shooter situation, we also need to reinforce procedure and behavior with students. They need to know what to do in lockdown, lockout, and evacuation.

The prospect of a shooter is a horrible thing for anyone to deal with, much less a child. I’ve spoken to parents who, themselves, are horrified about the prospect of speaking to their children about a shooter in their school. In every occasion, I’ve said this: You damn well better talk to them about it. This is a discussion with perhaps greater importance than talks about strangers, drugs, alcohol, or sex; and it needs to begin with children from kindergarten on up. Schools need to teach students what to do when the alert occurs for an active shooter – typically this involves getting them safely out of view from someone who might be in the hallway while teachers lock or barricade the door and turn off lights. Students need to understand the gravity of the situation and remain still and quiet. Evacuation will generally only occur under someone’s direction. There will be loud noises and it’s likely the police won’t speak kindly as they are clearing rooms, looking for a shooter and potential devices. To be certain, it’s scary for adults and I wish our children didn’t have to endure such a thing, but practicing and reinforcing procedures and behavior will save lives. I’ll offer this article, that discusses some of the potential psychological impacts of shooter drills on kids. These impacts are a reality we also need to deal with, but I think the benefits of the drills far outweigh the costs.

Mass shootings, like most aspects of public safety, underscore the need for us to do better not only in public safety response, but also as a society. The answers aren’t easy and there is no magic pill that will provide a solution to it all. It requires a multifaceted approach on the part of multiple stakeholders, sadly even those as young as four years old, to prepare, prevent, and protect.

Continuing from my previous blog post, I’ll answer a search phrase used to bring someone to my blog. Earlier this month, someone searched ‘Is HSEEP training mandatory?’. We speak, of course, of the Homeland Security Exercise and Evaluation Program, which is the DHS-established standard in exercise program and project management.

The short answer to the question: Maybe.

Generally speaking, if your exercise activities are funded directly or indirectly by a federal preparedness grant, then grant language usually requires that all exercises are conducted in accordance with HSEEP. While most federal grant guidance doesn’t explicitly state that exercise personnel must be formally trained in HSEEP, it’s kind of a no-brainer that the fundamental way to learn the standards of practice for HSEEP so you can apply them to meet the funding requirement is by taking an HSEEP course. If you are a jurisdiction awarded a sub-grant of a federal preparedness grant or a firm awarded a contract, there may exist language in your agreement, placed there by the principal grantee, that specifically requires personnel to be trained in HSEEP.

Beyond grant requirements, who you work for, who are you, and what you do generally don’t dictate any requirement for HSEEP training. Aside from the federal grant funding or contracts mentioned, there is no common external requirement for any organization to have their personnel trained in HSEEP. If your organization does require it, this is likely through a management-level decision for the organization or a functional part of it.

So, while HSEEP is a standard of practice, training in HSEEP, in general terms, is not a universal requirement. That said, I would certainly recommend it if you are at all involved in the management, design, conduct, or evaluation of exercises. FEMA’s Emergency Management Institute (EMI) offers HSEEP courses in both a blended learning and classroom format. The emergency management/homeland security offices of many states and some larger cities offer them as well.

One brilliant thing about WordPress (the blog platform I use), is that it allows me to see some of the searches that brought people to my site. One of those recent searches was ‘what does the Liaison Officer do in ICS?’. The Liaison Officer has some of the greatest depth and variety in their role and is often one of the most misunderstood roles and often taken for granted.

By definition, the Liaison Officer is supposed to interface with the representatives of cooperating and assisting agencies at an incident. While this is done, it’s often the easier part of the job. Yes, these agencies may have their own needs and nuances, but the more challenging part is the interface with anyone who is not directly part of the chain of command. Large, complex incidents often last longer, which means that a significant number of third parties will have interest in the operation. Everyone wants to speak with the person in charge (the Incident Commander), but the IC needs to be focused on the management of the incident through the Command and General Staff, as well as important commitments like briefing their boss (usually an elected official), and participating in some media briefings. There is little time available to speak with everyone who wants to speak with them.

The people that want to interface with the IC may include organizations seeking to offer their services to the effort, which could be a not for profit organization (Team Rubicon, for example) or a for-profit company (such as a local construction firm), or even a group of organized volunteers (like the Cajun navy). They might be elected officials other than those they report to. They could include representatives from labor unions, environmental groups, regulatory agencies, insurance companies, or property owners. Each of these groups may have legitimate reasons to be interfacing with the incident management organization and the Liaison Officer is the one they should be working with. The Liaison Officer may also be tasked with interfacing with the variety of operations centers which can be activated during an incident.

To be most effective, the Liaison Officer must be more than a gatekeeper. They aren’t there just to restrict or control access to the IC. As a member of the Command Staff they are acting as an agent of the IC, and working within the guidelines established by the IC, should be effectively handling the needs of most of these individuals and organizations on behalf of the IC. The Liaison Officer needs to be politically astute, professional, and knowledgeable about the specifics of the incident and emergency management in general. They should be adept at solving problems and be able to recognize when something needs to be referred to someone else or elevated to the IC.

The Liaison Officer is a position we usually don’t see assigned on smaller incidents (type 4 and 5), so most people don’t get experience in using it, interfacing with it, or being it. The position is often necessary on type 3 incidents, but still rarely assigned as an organization or jurisdiction might not have someone available to assign or the IC thinks they can handle it themselves. We definitely see them used in Type 1 and 2 incidents, but much of that credit goes to formal incident management teams who deploy with this position. Liaison Officers work well in an incident command post for incidents and events, but also have a strong function in EOCs – especially local EOCs responsible for significant coordination. All around, the Liaison Officer benefits most from a notepad, a charged cell phone, and a pocket full of business cards.

Earlier this year, FEMA expanded their Public Assistance program to include houses of worship. As the FEMA news release linked here states, the Stafford Act allows FEMA to provide Public Assistance (PA) to certain private not for profit organizations to repair or replace facilities damaged or destroyed by a major disaster. In a move that seems to underscore FEMA’s change in policy, the President signed a bill into law a few days ago making this policy decision permanent. Both the policy and the bill back-dated impacts to include Hurricane Harvey.

This is a decision that I’m honestly torn on. On one hand, houses of worship serve as community centers, shelters, and points of distribution in many communities. Some (but not all) provide critical services for their communities during disasters. Aside from the spiritual aspect, these are organizations that communities turn to in time of need. In fact, there exist a number of faith-based organizations that support disaster response and recovery that do incredible work. Faith-based organizations are a critical partner in communities, and across the nation and the world. On the other hand, I’m not certain about the government’s responsibility to fund the rebuilding of houses of worship – most especially if they do not serve the purpose of an approved shelter, point of distribution, or other sanctioned disaster-related activity in a community’s disaster plan.

FEMA’s PA guidelines can be very stringent. The reason for this is to ensure responsible expenditure of taxpayer dollars in helping communities to recover from disaster. In work as a state employee and as a consultant I’ve sat in meetings with FEMA in the aftermath of disasters working to ensure that eligible applicants were submitting the appropriate paperwork for eligible projects and receiving everything afforded to them under FEMA policy and the Stafford Act. This process is bureaucratic and, at times, contentious. The burden of proof is on the applicant to prove that they are, in fact, eligible to receive recovery assistance, and each category of projects has very specific guidelines.

Given this, to ensure fair application of tax payer dollars, I expect to see guidelines in FEMA’s PA guidebook update that require certain conditions to be met for houses of worship to be eligible to receive PA assistance after a disaster. These would include:

Being part of the community’s emergency operations plan for key activities such as sheltering, points of distribution, etc.

As with any facility identified for these key activities, I believe they should embrace practices of resilience. That includes having their own emergency operations and business continuity plans as well as a documented history of proactive disaster mitigation projects for their properties (these don’t have to be complex or expensive. Generators, sump pumps, and preventative landscaping are reasonably simple and high impact)

Practices of non-discrimination, especially during times of disaster, to include providing for people of all faiths

The PA policy itself should not discriminate against any particular religion

I simply don’t think I can refrain from some extended commentary on the Hawaii missile notification incident any longer. I’ve tossed a few Tweets on this topic in the past couple of weeks, but as the layers of this onion are peeled back, more and more is being revealed. I’m not a conspiracy theorist, but the number of half-truths that have been reported on this incident lead me to believe we still don’t know everything that transpired that morning. Now that the FCC has leaned into this investigation, more and more information is being revealed, despite reports that the employee at the center of it gave limited cooperation in the investigation (likely at the advice of an attorney). Most of my commentary is based upon information reported by the Business Insider and Washington Post which includes information from the ongoing FCC investigation.

First, why was public notification of a false missile strike such a big deal? The effective practice of notification and warning in emergency management relies on the transmission of accurate, timely, and relevant information. Since emergency management is already challenged by a percentage of citizens that willfully don’t pay attention to warnings, don’t care about them enough to take action, or otherwise refuse to take action, the erosion of any of these pillars will degrade public trust in an already less than ideal environment. We sometimes struggle to get accurate weather-related warnings issued, but when a warning is sent for a ballistic missile strike that isn’t occurring, that’s a significant error. We certainly saw across social media the stories of people on the Hawaiian Islands as well as those in the continental US with friends and family in Hawaii. The notification of an impending ballistic missile strike is terrifying to a population. Imagine saying good bye to your family and loved ones for what you think is the last time. What truly made this erroneous notification unforgivable was the 38-minute time span it took for it to be rectified.

While there is a lot of obvious focus on the employee who actually activated the alert, I see this person as only one piece of the chain of failures that occurred that morning. It was first reported that the employee accidentally selected the wrong option in a drop-down menu; selecting an actual alert instead of a test. While mistakes can and do happen in any industry, the processes we use should undergo reviews to minimize mistakes. Those processes include the tools and technology we use to execute. Certainly, any system that issues a mass notification should have a pop-up that says ‘ARE YOU REALLY SURE YOU WANT TO DO THIS???’ or a requirement for verification by another individual. I’ll note that the Business Insider article says there is a verification pop-up in the system they used, so clearly that wasn’t enough.

Findings released from the initial FCC investigation found that the employee apparently thought this was a real incident instead of an exercise, therefore, their action was intentional. So, we have another mistake. As mentioned before, the processes and systems we have in place should strive to minimize mistakes. A standard in exercise management is to use a phrase similar to ‘THIS IS AN EXERCISE’ in all exercise communications. By doing so, everyone who receives these communications, intentionally or otherwise, is aware that what is being discussed is not real. I would hope that if the warning point employee heard that phrase with the order to issue an emergency alert, the outcome would have been different. According to the FCC report, the phrase ‘Exercise, exercise, exercise’ was used, but so was the phrase ‘this is not a drill’. While reports indicate some issues with past performance of this employee, I would caution that messages such as this are confusing and should never be issued in this manner. They need to take a serious look at their exercise program and how it is managed and implemented.

Next, 38 minutes of time passed before a retraction was issued. Forgive me here, but what the fuck happens in 38 minutes that you can’t issue a retraction? There are timelines posted in the Business Insider and Washington Post articles on this matter. I believe that what I’m reading is factual, but I shake my head at the ineptitude of leadership that existed, ranging from the employee’s supervisor, to the agency director, and all the way up to the Governor. There is no reason a retraction could not have been issued within minutes of this false alarm. We see things in this timeline such as ‘drafting a retraction’ and ‘lost Twitter password’. Simply bullshit. There isn’t much to draft for an initial retraction other than ‘False Alarm – No missile threat’. We know from later in the timeline that this could have been sent through the same system that sent the initial message.

It’s noted that Hawaii EMA didn’t have a plan in place for issuing retractions on messages. An easy enough oversight, I suppose, but when they report that this same employee had issued false messages on two previous occasions, a plan would have been developed for something that was an obvious concern.

A possible path to correction is a bill that may be introduced by Sen. Brian Schatz which would give the US Departments of Defense and Homeland Security the responsibility to notify the public of an incoming missile attack. Is this a perfect fix? No. Consider that weather alerts can be issued by the National Weather Service, or by state or local emergency management agencies based upon NWS information or what they are actually observing on the ground. I’m a big believer in state’s rights as well as their ultimate responsibility to care for their populations, so I believe the states should have the ability to issue such alerts, however they should generally be defaulting to DoD, as DoD has the technology to detect an incoming attack.

There are numerous layers of failure in this situation which need to be examined and addressed through rigorous preparedness measures. It obviously was an embarrassing occurrence for Hawaii EMA and I’m sure they are working to address it. The intent of my article isn’t to harp on them, but to identify the potential points of failure found in many of our systems. Unfortunately, this situation makes for a case study that we all can learn from. Current technology provides every state, county, city, town, and village the ability to access an emergency alert system of some type. Some are municipal systems, some are regional, some are state, and some are national (IPAWS). We access these systems through custom developed programs or commercially available interfaces. These systems will instantly issue alerts to cell phones, email accounts, social media, radio, and TV; and some will still activate sirens in certain localities. The technology we have enables us to reach a high percentage of our populations and issue critical communications to them. While the technology is great and the message we send is important, it’s only one element of a good public information and warning program. Clearly, we see from the occurrence in Hawaii, that we need to have solid plans, policies, procedures, systems, training, and exercises to ensure that we can effectively and efficiently issue (and retract) those messages. So crack open your own plans and start making a list of what needs to be improved.

Many professions have professional membership organizations which can be joined by those working in the field, retired from the field, or aspiring to work in the field. The practice of emergency management, both broadly and specifically, has a number of professional organizations which you can join. Professional organizations each have their own goals and benefits, which should be examined. Some are simply mutually supportive, providing an opportunity to share and discuss professional ideas and network, supporting the practice from within. Others are active in lobbying and political influence, helping to shape the legal and regulatory landscape of profession. Most provide training and continuing education opportunities, and some even provide certifications.

Here are a few you may want to consider:

National Emergency Management Association (NEMA). NEMA began as an organization for state emergency management directors in the US. The State Directors are still the core group of membership, but NEMA has expanded membership opportunities for others. NEMA’s focus is on supporting emergency management in the US, which they do through providing resources, conferences, and legislative influence.

International Association of Emergency Managers (IAEM). IAEM, as their name indicates, is an international membership organization. Similar to NEMA, they provide a variety of resources, conferences and other events (US regional, US national, and international), and legislative influence. They also provide the credentials of Certified Emergency Manager and Associate Emergency Manager.

Disaster Recovery Institute (DRI). DRI’s focus is on organizational emergency management, which includes the tech side of disaster recovery as well as all phases of emergency management and business continuity. Along with resources, conferences, and training, they offer a variety of certifications in business continuity both generally and specific to certain sectors.

Personally, I think professional organizations can be great, but you must understand what they offer, what you want, and determine if you will gain value from membership, especially in consideration of membership dues. These organizations and other offer substantially reduced dues to full time students, which provides a great opportunity for aspiring practitioners to network and learn.

From personal experience, I’ve found that the benefits gained from professional membership organizations often correspond to your amount of involvement. While they all have resources available to members, networking and opportunities arise from involvement. Going to meetings and conferences, getting involved in committees, and working on projects will often lead to gaining value from your membership.

What I will caution with professional organizations, also from experience, is that they are often cliquish. The development of social groups is a matter of human nature, but I feel that organizations should do more to break down the barriers that can make new members feel unwelcome. Also, examine organizations with a critical eye. Are they simply supportive of their membership or are they supportive of the profession/community as a whole? For example, my local Chamber of Commerce, which I had a very poor experience with, is typically only interested in supporting a certain part of their membership.

A number of membership organizations offer training and professional certifications. Typically, these opportunities are open to everyone, with members often enjoying discounts. The financial commitments should be evaluated based on your own needs. I also suggest that you examine other avenues for training and certification. Training from FEMA, state emergency management offices, and homeland security consortium agencies is usually free, although training obtained from professional organizations may be more targeted or contemporary. As for certifications, as with anything else, you should weigh the benefits against the investment and explore what other opportunities may exist. For example, the requirements for a certain popular emergency management credential are very similar to that of the Certified Emergency and Disaster Professional (CEDP), which is a credential I hold. The CEDP is provided by the International Board for Certification of Safety Managers, a non-profit, independent credentialing organization which maintains credentials for a variety of safety-related professions. Their focus is on professional credentialing, not membership.

The bottom line is that there are a lot of opportunities out there. Professional memberships can be very valuable, but you should always go in knowing what you want from your membership, but also recognize that the real benefits of membership are often proportionate to your measure of involvement in the organization. If you don’t feel you are getting what you want, give feedback to the organization. If things don’t change, don’t feel compelled to keep throwing money at them. Speaking of throwing money at them, non-profits are required to publish annual reports. These can be helpful in seeing what the organization focuses on, what their goals are, and what they have accomplished in the past year. Remember that you are entitled to ask questions, both as a member and a prospective member.

I’d love to hear your thoughts and experiences with professional organizations, particularly across emergency management. I know there are a number of organizations in the broader emergency management community which I didn’t list here, but I didn’t want to go too far down that rabbit hole.

I was recently asked if I would post some information assembled for the Arizona State University (ASU) online emergency management program for those who might want to know more about emergency management careers. The infographic they sent provides a great snapshot of emergency management career opportunities.

From their outreach office: “When different agencies work together to manage a disaster, someone has to coordinate their activities to ensure things run smoothly. This is where emergency management specialists are crucial. From helping reduce vulnerability to hazards to helping communities manage disasters effectively. Below is a look at emergency management as a career.” Information on their program can be found at https://asuonline.asu.edu/.